<!DOCTYPE html>
<html>
  <head>
    <title>Test advertised required document policy</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>  </head>
  <body>
    <h1>Test advertised required document policy</h1>
<script>
// The top-level document does not have any document-policy-related headers.
// A request for a document in a frame should not include a
// `Sec-Required-Document-Policy` header, unless that frame requires it
// explicitly through the `policy` attribute.

callbacks = {};

window.addEventListener('message', ev => {
  var id = ev.data.id;
  if (id && callbacks[id]) {
    callbacks[id](ev.data.requiredPolicy || null);
  }
});

async_test(t => {
  var iframe = document.createElement('iframe');
  iframe.src = "/document-policy/echo-policy.py?id=1";
  callbacks["1"] = t.step_func_done(result => {
    assert_equals(result, null);
  });
  document.body.appendChild(iframe);
}, "Child frame should have no required policy by default.");

async_test(t => {
  var iframe = document.createElement('iframe');
  iframe.src = "/document-policy/echo-policy.py?id=2";
  iframe.policy = "force-load-at-top=?0";
  callbacks["2"] = t.step_func_done(result => {
    assert_equals(result, "force-load-at-top=?0");
  });
  document.body.appendChild(iframe);
}, "Child frame can have an explicit required policy.");
    </script>
  </body>
</html>
